As far as I know, no, you just enable the proxying in the DNS configuration, and then you can use the security-firewall section for any filtering you want to apply. That traffic will be analyzed and, if necessary, blocked when it hits CloudFlare, before it reaches your server. Just make sure you have the right SSL/TLS configuration set up when you proxy the traffic, so you don't get into some weird circular redirection loops.
For a single IP to be banned, it might be overkill though.